{
 "cells": [
  {
   "cell_type": "markdown",
   "source": [
    "# scapy使用"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "f6c372bb891d0b82"
  },
  {
   "cell_type": "markdown",
   "source": [
    "## 0.安装"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "1dac555cf512039d"
  },
  {
   "cell_type": "code",
   "execution_count": 8,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Requirement already satisfied: kamene in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (0.32)\n"
     ]
    }
   ],
   "source": [
    "!pip install kamene"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:21:45.107144600Z",
     "start_time": "2024-12-16T12:21:43.895350400Z"
    }
   },
   "id": "9b24ffa02e03ff3c"
  },
  {
   "cell_type": "code",
   "execution_count": 9,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Requirement already satisfied: cryptography in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (44.0.0)\n",
      "Requirement already satisfied: cffi>=1.12 in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from cryptography) (1.17.1)\n",
      "Requirement already satisfied: pycparser in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from cffi>=1.12->cryptography) (2.21)\n"
     ]
    }
   ],
   "source": [
    "!pip install cryptography"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:21:46.277609300Z",
     "start_time": "2024-12-16T12:21:45.109143500Z"
    }
   },
   "id": "a839f6b26efbc758"
  },
  {
   "cell_type": "code",
   "execution_count": 11,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Requirement already satisfied: ipython in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (8.12.2)\n",
      "Requirement already satisfied: backcall in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (0.2.0)\n",
      "Requirement already satisfied: decorator in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (5.1.1)\n",
      "Requirement already satisfied: jedi>=0.16 in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (0.19.1)\n",
      "Requirement already satisfied: matplotlib-inline in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (0.1.6)\n",
      "Requirement already satisfied: pickleshare in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (0.7.5)\n",
      "Requirement already satisfied: prompt-toolkit!=3.0.37,<3.1.0,>=3.0.30 in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (3.0.43)\n",
      "Requirement already satisfied: pygments>=2.4.0 in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (2.15.1)\n",
      "Requirement already satisfied: stack-data in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (0.2.0)\n",
      "Requirement already satisfied: traitlets>=5 in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (5.14.3)\n",
      "Requirement already satisfied: typing-extensions in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (4.11.0)\n",
      "Requirement already satisfied: colorama in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from ipython) (0.4.6)\n",
      "Requirement already satisfied: parso<0.9.0,>=0.8.3 in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from jedi>=0.16->ipython) (0.8.3)\n",
      "Requirement already satisfied: wcwidth in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from prompt-toolkit!=3.0.37,<3.1.0,>=3.0.30->ipython) (0.2.13)\n",
      "Requirement already satisfied: executing in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from stack-data->ipython) (0.8.3)\n",
      "Requirement already satisfied: asttokens in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from stack-data->ipython) (2.0.5)\n",
      "Requirement already satisfied: pure-eval in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from stack-data->ipython) (0.2.2)\n",
      "Requirement already satisfied: six in c:\\users\\admin\\.conda\\envs\\kamene\\lib\\site-packages (from asttokens->stack-data->ipython) (1.16.0)\n"
     ]
    }
   ],
   "source": [
    "# 如果不在jupyter中运行需要安装ipython\n",
    "!pip install ipython"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:22:21.369634200Z",
     "start_time": "2024-12-16T12:22:20.187693300Z"
    }
   },
   "id": "41e003b10221c6bf"
  },
  {
   "cell_type": "markdown",
   "source": [
    "## 1.导入"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "9276adc60a6e713"
  },
  {
   "cell_type": "code",
   "execution_count": 12,
   "id": "initial_id",
   "metadata": {
    "collapsed": true,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:22:26.620289900Z",
     "start_time": "2024-12-16T12:22:26.614291900Z"
    }
   },
   "outputs": [],
   "source": [
    "from kamene.all import *"
   ]
  },
  {
   "cell_type": "markdown",
   "source": [
    "## 2.基本使用"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "85f9ef213398c259"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 2.1 构造数据包"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "b41f92fe94dc014c"
  },
  {
   "cell_type": "code",
   "execution_count": 14,
   "outputs": [
    {
     "data": {
      "text/plain": "<IP  src=192.168.1.1 dst=192.168.1.2 |>"
     },
     "execution_count": 14,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "# 括号中的属性就是每一层的具体内容\n",
    "ip = IP(src=\"192.168.1.1\",dst=\"192.168.1.2\")\n",
    "ip"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:24:34.345838700Z",
     "start_time": "2024-12-16T12:24:34.325244Z"
    }
   },
   "id": "a0a01c80ba58642a"
  },
  {
   "cell_type": "code",
   "execution_count": 16,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "###[ IP ]###\n",
      "  version   = 4\n",
      "  ihl       = None\n",
      "  tos       = 0x0\n",
      "  len       = None\n",
      "  id        = 1\n",
      "  flags     = \n",
      "  frag      = 0\n",
      "  ttl       = 64\n",
      "  proto     = ip\n",
      "  chksum    = None\n",
      "  src       = 192.168.1.1\n",
      "  dst       = 192.168.1.2\n",
      "  \\options   \\\n"
     ]
    }
   ],
   "source": [
    "# 查看具体信息\n",
    "ip.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:25:06.583674400Z",
     "start_time": "2024-12-16T12:25:06.568903300Z"
    }
   },
   "id": "63a8051d173cb1d6"
  },
  {
   "cell_type": "code",
   "execution_count": 17,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "###[ IP ]###\n",
      "  version   = 4\n",
      "  ihl       = None\n",
      "  tos       = 0x0\n",
      "  len       = None\n",
      "  id        = 1\n",
      "  flags     = \n",
      "  frag      = 0\n",
      "  ttl       = 64\n",
      "  proto     = icmp\n",
      "  chksum    = None\n",
      "  src       = 192.168.1.2\n",
      "  dst       = Net('www.baidu.com')\n",
      "  \\options   \\\n",
      "###[ ICMP ]###\n",
      "     type      = echo-request\n",
      "     code      = 0\n",
      "     chksum    = None\n",
      "     id        = 0x0\n",
      "     seq       = 0x0\n"
     ]
    }
   ],
   "source": [
    "ping = IP(dst='www.baidu.com')/ICMP()\n",
    "ping.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:25:56.457738300Z",
     "start_time": "2024-12-16T12:25:56.405740700Z"
    }
   },
   "id": "70f62b20a79153f0"
  },
  {
   "cell_type": "code",
   "execution_count": 19,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "###[ IP ]###\n",
      "  version   = 4\n",
      "  ihl       = None\n",
      "  tos       = 0x0\n",
      "  len       = None\n",
      "  id        = 1\n",
      "  flags     = \n",
      "  frag      = 0\n",
      "  ttl       = 64\n",
      "  proto     = tcp\n",
      "  chksum    = None\n",
      "  src       = 192.168.1.2\n",
      "  dst       = Net('www.baidu.com')\n",
      "  \\options   \\\n",
      "###[ TCP ]###\n",
      "     sport     = ftp_data\n",
      "     dport     = http\n",
      "     seq       = 0\n",
      "     ack       = 0\n",
      "     dataofs   = None\n",
      "     reserved  = 0\n",
      "     flags     = S\n",
      "     window    = 8192\n",
      "     chksum    = None\n",
      "     urgptr    = 0\n",
      "     options   = {}\n",
      "###[ IP ]###\n",
      "  version   = 4\n",
      "  ihl       = None\n",
      "  tos       = 0x0\n",
      "  len       = None\n",
      "  id        = 1\n",
      "  flags     = \n",
      "  frag      = 0\n",
      "  ttl       = 64\n",
      "  proto     = tcp\n",
      "  chksum    = None\n",
      "  src       = 192.168.1.2\n",
      "  dst       = Net('www.baidu.com')\n",
      "  \\options   \\\n",
      "###[ TCP ]###\n",
      "     sport     = ftp_data\n",
      "     dport     = https\n",
      "     seq       = 0\n",
      "     ack       = 0\n",
      "     dataofs   = None\n",
      "     reserved  = 0\n",
      "     flags     = S\n",
      "     window    = 8192\n",
      "     chksum    = None\n",
      "     urgptr    = 0\n",
      "     options   = {}\n"
     ]
    }
   ],
   "source": [
    "tcp = IP(dst=\"www.baidu.com\")/TCP(dport=80)\n",
    "tcp.show()\n",
    "# 修改信息\n",
    "tcp[\"TCP\"].dport=443\n",
    "tcp.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:28:16.132815600Z",
     "start_time": "2024-12-16T12:28:16.110805500Z"
    }
   },
   "id": "662f1b13cfe26db3"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 2.2 发送数据包"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "adfd5afc76d2c93d"
  },
  {
   "cell_type": "code",
   "execution_count": 20,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "\n",
      "Sent 1 packets.\n"
     ]
    }
   ],
   "source": [
    "# 发送三层包并不返回结果\n",
    "send(ping)"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:29:49.820296Z",
     "start_time": "2024-12-16T12:29:49.687113900Z"
    }
   },
   "id": "c5a2e84cf6219b57"
  },
  {
   "cell_type": "code",
   "execution_count": 21,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "###[ Ethernet ]###\n",
      "  dst       = 28:de:a8:02:88:ab\n",
      "  src       = d4:93:90:18:94:52\n",
      "  type      = 0x800\n",
      "###[ IP ]###\n",
      "     version   = 4\n",
      "     ihl       = None\n",
      "     tos       = 0x0\n",
      "     len       = None\n",
      "     id        = 1\n",
      "     flags     = \n",
      "     frag      = 0\n",
      "     ttl       = 64\n",
      "     proto     = ip\n",
      "     chksum    = None\n",
      "     src       = 192.168.1.2\n",
      "     dst       = Net('www.baidu.com')\n",
      "     \\options   \\\n",
      "\n",
      "Sent 1 packets.\n"
     ]
    }
   ],
   "source": [
    "# 发送二层包并不返回结果\n",
    "ip = Ether()/IP(dst=\"www.baidu.com\")\n",
    "ip.show()\n",
    "sendp(ping)"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:30:45.025477Z",
     "start_time": "2024-12-16T12:30:44.991313600Z"
    }
   },
   "id": "8504f0fdcd8b2ffb"
  },
  {
   "cell_type": "code",
   "execution_count": 25,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Begin emission:\n",
      "Finished to send 1 packets.\n",
      "\n",
      "Received 5 packets, got 1 answers, remaining 0 packets\n",
      "###[ IP ]###\n",
      "  version   = 4\n",
      "  ihl       = 5\n",
      "  tos       = 0x0\n",
      "  len       = 28\n",
      "  id        = 1\n",
      "  flags     = \n",
      "  frag      = 0\n",
      "  ttl       = 53\n",
      "  proto     = icmp\n",
      "  chksum    = 0x607a\n",
      "  src       = 183.2.172.185\n",
      "  dst       = 192.168.1.2\n",
      "  \\options   \\\n",
      "###[ ICMP ]###\n",
      "     type      = echo-reply\n",
      "     code      = 0\n",
      "     chksum    = 0x0\n",
      "     id        = 0x0\n",
      "     seq       = 0x0\n",
      "###[ Padding ]###\n",
      "        load      = '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n"
     ]
    }
   ],
   "source": [
    "# 发送并接受一次返回结果\n",
    "ans = sr1(ping)\n",
    "ans.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:32:10.198628600Z",
     "start_time": "2024-12-16T12:32:10.067976300Z"
    }
   },
   "id": "f9932afc4dea2a52"
  },
  {
   "cell_type": "code",
   "execution_count": 26,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Begin emission:\n",
      "Finished to send 1 packets.\n",
      "\n",
      "Received 2 packets, got 1 answers, remaining 0 packets\n",
      "0000 IP / ICMP 192.168.1.2 > 183.2.172.185 echo-request 0 ==> IP / ICMP 183.2.172.185 > 192.168.1.2 echo-reply 0 / Padding\n"
     ]
    }
   ],
   "source": [
    "# 发送并接受多次次返回结果\n",
    "# 默认会返回两个，一个是有回应的，一个是没有回应的\n",
    "ans,unans = sr(ping)\n",
    "ans.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:32:47.873967500Z",
     "start_time": "2024-12-16T12:32:47.746965500Z"
    }
   },
   "id": "bb89cfdc40613ae6"
  },
  {
   "cell_type": "code",
   "execution_count": 27,
   "outputs": [],
   "source": [
    "unans.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:33:04.240774400Z",
     "start_time": "2024-12-16T12:33:04.226762300Z"
    }
   },
   "id": "94d609c5761011fa"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 2.3 筛选结果"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "4b81c9f47f43e2b7"
  },
  {
   "cell_type": "code",
   "execution_count": 35,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "0000 IP / ICMP 192.168.1.2 > 183.2.172.185 echo-request 0 ==> IP / ICMP 183.2.172.185 > 192.168.1.2 echo-reply 0 / Padding\n"
     ]
    }
   ],
   "source": [
    "ans.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:38:11.642071600Z",
     "start_time": "2024-12-16T12:38:11.629071500Z"
    }
   },
   "id": "ae48fabe00106714"
  },
  {
   "cell_type": "code",
   "execution_count": 36,
   "outputs": [
    {
     "data": {
      "text/plain": "[(<IP  frag=0 proto=icmp dst=183.2.172.185 |<ICMP  |>>,\n  <IP  version=4 ihl=5 tos=0x0 len=28 id=1 flags= frag=0 ttl=53 proto=icmp chksum=0x607a src=183.2.172.185 dst=192.168.1.2 options=[] |<ICMP  type=echo-reply code=0 chksum=0x0 id=0x0 seq=0x0 |<Padding  load='\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' |>>>)]"
     },
     "execution_count": 36,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "filterres = IP(dst='183.2.172.185')\n",
    "[filterres for filterres in ans]"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:39:26.544875300Z",
     "start_time": "2024-12-16T12:39:26.532213Z"
    }
   },
   "id": "ceae2d501ce253df"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 2.4 pcap文件"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "a31e18f761f746e8"
  },
  {
   "cell_type": "code",
   "execution_count": 28,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "0000 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https A / Raw\n",
      "0001 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https PA / Raw\n",
      "0002 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https PA / Raw\n",
      "0003 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https PA / Raw\n",
      "0004 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 A / Padding\n",
      "0005 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 A / Padding\n",
      "0006 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 A / Padding\n",
      "0007 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 PA / Raw\n",
      "0008 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https A\n",
      "0009 Ether / IP / UDP 192.168.1.2:58917 > 138.2.100.52:2056 / Raw\n",
      "0010 28:de:a8:02:88:ab > ff:ff:ff:ff:ff:ff (0xfffa) / Raw\n",
      "0011 Ether / IP / UDP 138.2.100.52:2056 > 192.168.1.2:58917 / Raw\n"
     ]
    }
   ],
   "source": [
    "# 读取pcap文件\n",
    "pkts = rdpcap(\"a.pcap\")\n",
    "pkts.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:34:07.504025Z",
     "start_time": "2024-12-16T12:34:07.489208500Z"
    }
   },
   "id": "c6077943dea832e3"
  },
  {
   "cell_type": "code",
   "execution_count": 29,
   "outputs": [],
   "source": [
    "# 保存pcap文件\n",
    "wrpcap(\"temp.pcap\",pkts)"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:34:24.444857500Z",
     "start_time": "2024-12-16T12:34:24.425845200Z"
    }
   },
   "id": "baf78682daa78284"
  },
  {
   "cell_type": "code",
   "execution_count": 30,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "0000 18:54:36.041997 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https A / Raw\n",
      "0000   28 DE A8 02 88 AB D4 93  90 18 94 52 08 00 45 00   (..........R..E.\n",
      "0010   05 C8 CD 0D 40 00 80 06  B2 B8 C0 A8 01 02 CA 59   ....@..........Y\n",
      "0020   E9 65 09 5D 01 BB FE 8D  98 CF 9E 32 21 32 50 10   .e.].......2!2P.\n",
      "0030   03 FD FB D4 00 00 17 03  03 0A 35 6F C9 7E 38 0F   ..........5o.~8.\n",
      "0040   7F 0F 27 4C D7 CE 06 B7  3D C1 59 DA 4F BE 26 27   ..'L....=.Y.O.&'\n",
      "0050   73 BD 13 66 DE AE 93 EC  02 A7 FA F0 06 53 59 62   s..f.........SYb\n",
      "0060   90 AC 1D 21 70 74 BE 04  06 34 84 D4 16 F5 04 1D   ...!pt...4......\n",
      "0070   2D 87 FC B5 66 60 83 1C  99 F3 C5 E0 7C 3C BE 9B   -...f`......|<..\n",
      "0080   88 D6 EA A8 8A 65 51 75  EB 6A EC 32 16 3E 4E E9   .....eQu.j.2.>N.\n",
      "0090   43 F7 70 D3 F8 B9 28 E1  02 D6 5E C5 2C 5A C6 81   C.p...(...^.,Z..\n",
      "00a0   AA 38 AE 5B A4 67 FA 28  4C 7D A7 97 BC 0B 61 7C   .8.[.g.(L}....a|\n",
      "00b0   61 74 B9 6F B4 A5 22 E7  B1 6E 29 C1 26 D7 56 E4   at.o..\"..n).&.V.\n",
      "00c0   0B A5 36 83 8F 96 1B EC  90 95 F2 AA 99 71 58 0B   ..6..........qX.\n",
      "00d0   67 91 A2 21 87 23 3F 2B  53 DC C8 A8 54 8C C4 D5   g..!.#?+S...T...\n",
      "00e0   CA BF 54 A9 0F 92 C3 AB  95 DA 69 D0 35 52 85 A7   ..T.......i.5R..\n",
      "00f0   B0 42 2D A4 D5 6D E3 5A  B4 C7 35 D3 B7 6E 16 82   .B-..m.Z..5..n..\n",
      "0100   6F A8 C2 46 E2 64 F0 F0  61 60 DE 78 04 0D B4 FE   o..F.d..a`.x....\n",
      "0110   92 E4 B4 83 4D A0 34 23  70 1F 5B F0 06 D5 C5 9B   ....M.4#p.[.....\n",
      "0120   38 41 7F 6D 39 D6 9D 2C  34 41 FF 9E 07 93 41 20   8A.m9..,4A....A \n",
      "0130   5E 35 29 9E A4 3F A7 12  4A B2 A4 3E 15 AB D8 4C   ^5)..?..J..>...L\n",
      "0140   08 2B 99 C2 7D 54 8A EC  52 01 87 E6 3B B0 25 42   .+..}T..R...;.%B\n",
      "0150   2B E8 85 63 C6 36 73 56  CF 9C 7B 29 A5 51 27 AF   +..c.6sV..{).Q'.\n",
      "0160   AD C1 24 B5 3C 97 4D 4D  CF 86 53 77 E2 A5 C8 AA   ..$.<.MM..Sw....\n",
      "0170   8F C7 75 73 D4 8F 2C C6  DC 56 73 E1 F7 37 9C 6E   ..us..,..Vs..7.n\n",
      "0180   E6 3E B6 B3 64 03 88 2E  ED D2 59 2C 1C 2E 69 E8   .>..d.....Y,..i.\n",
      "0190   7C 84 84 B6 56 5D 44 34  4B 47 F6 8A E5 DB 7E 7D   |...V]D4KG....~}\n",
      "01a0   EA 4F BB FB B3 44 3E 92  37 A8 DB 27 41 FE CC CF   .O...D>.7..'A...\n",
      "01b0   F6 7D 80 95 07 61 1C 95  8A 6F 81 B5 88 5A AD 90   .}...a...o...Z..\n",
      "01c0   5E 28 64 25 C2 12 8A D9  49 D1 B0 E4 81 96 71 72   ^(d%....I.....qr\n",
      "01d0   83 F5 C5 E0 1E 05 82 A9  C3 6F 37 BB 71 7D BA B4   .........o7.q}..\n",
      "01e0   13 13 6A 1B BF 86 E9 AF  73 5A 46 A0 3E D0 05 2D   ..j.....sZF.>..-\n",
      "01f0   2D AD 67 CF 4B DA E8 37  32 B9 4C A8 66 65 03 97   -.g.K..72.L.fe..\n",
      "0200   4D D8 14 33 27 CE 0A 25  A3 E5 48 7B 1E A5 9F E4   M..3'..%..H{....\n",
      "0210   DC A9 EE E3 94 63 F8 E5  9E 26 7E B2 8B F6 CF 6C   .....c...&~....l\n",
      "0220   3C FF C4 42 DA 7E E2 C6  F1 8A E9 EF 56 6B D2 6D   <..B.~......Vk.m\n",
      "0230   EA E3 3A 92 69 97 4A 91  6F C5 BA AA 5B 86 DF C5   ..:.i.J.o...[...\n",
      "0240   55 84 2F C3 7D FD 16 4E  F2 25 B0 E6 39 C4 80 D0   U./.}..N.%..9...\n",
      "0250   C9 D9 5D D2 CC E4 0A 58  CE B1 5B 02 75 C3 E2 79   ..]....X..[.u..y\n",
      "0260   21 D8 FB CB BD 0E D4 8B  35 AD D1 E6 EF B3 D2 0E   !.......5.......\n",
      "0270   4F 93 C7 3D BE 3F 7A 3B  DC 2C DF 78 C3 4B 86 E1   O..=.?z;.,.x.K..\n",
      "0280   B0 5E D5 9E 75 68 71 EC  D3 86 40 79 5B CB 01 84   .^..uhq...@y[...\n",
      "0290   56 35 FA 96 80 BF 6D 96  3F 63 18 AB B8 11 AC 8B   V5....m.?c......\n",
      "02a0   0C 3D F4 D2 AA 20 94 BD  80 B7 C8 84 D1 95 86 F7   .=... ..........\n",
      "02b0   53 97 37 BB E1 A0 C7 F2  80 DE C2 D2 9B C0 F0 42   S.7............B\n",
      "02c0   FF D2 09 01 6C 32 94 DF  15 9C D1 CC AC 3D D2 9F   ....l2.......=..\n",
      "02d0   A5 4D 61 A3 D2 55 C8 4D  E0 49 C5 DE A0 E1 6C 21   .Ma..U.M.I....l!\n",
      "02e0   53 E3 C5 B3 A0 94 9F D6  24 99 8C D5 41 2D C8 40   S.......$...A-.@\n",
      "02f0   91 26 F2 2D 67 59 B4 7D  B3 E6 D9 31 21 DE 2F B1   .&.-gY.}...1!./.\n",
      "0300   BC E9 4A 93 14 69 AC E5  CB 13 C1 58 D0 BD 8D 9D   ..J..i.....X....\n",
      "0310   CB A5 E3 FE 6E 5B 2C 5A  E3 BC 4A 0A 67 39 42 06   ....n[,Z..J.g9B.\n",
      "0320   85 DD 45 7C 8F 73 6E 35  67 5B AA D5 88 41 F2 63   ..E|.sn5g[...A.c\n",
      "0330   C5 BC 63 11 67 BC 22 EA  29 9B 16 6F B8 46 7E D9   ..c.g.\".)..o.F~.\n",
      "0340   36 F5 D8 F4 FD 92 1B 75  63 B3 40 CB CE 06 57 A4   6......uc.@...W.\n",
      "0350   BA CA 5A 81 48 1B 48 F6  F2 5D D2 DD 73 5B 81 79   ..Z.H.H..]..s[.y\n",
      "0360   06 49 3F 7F C3 22 48 82  E6 FA 29 42 60 FB 13 56   .I?..\"H...)B`..V\n",
      "0370   48 36 B2 36 54 EF 46 C0  BC 92 26 BE 4D 30 62 BF   H6.6T.F...&.M0b.\n",
      "0380   97 D9 5A CF D6 61 7C 72  08 EC 71 F2 BE 54 9A F1   ..Z..a|r..q..T..\n",
      "0390   E4 E4 22 38 31 E1 DA C7  86 9B 48 EF 84 13 1A 76   ..\"81.....H....v\n",
      "03a0   E1 2A 73 44 E9 6C 6E 82  F0 3F DB AC AB A9 89 98   .*sD.ln..?......\n",
      "03b0   AB 45 71 5C D1 56 D3 C5  03 65 9A F6 0D 38 2B A9   .Eq\\.V...e...8+.\n",
      "03c0   60 C2 4E A2 40 BA 25 76  16 2D E0 AB 54 1A 5A 8B   `.N.@.%v.-..T.Z.\n",
      "03d0   8B 38 50 D0 9E 32 03 31  D9 63 62 0A FD FF 68 E7   .8P..2.1.cb...h.\n",
      "03e0   0B 91 22 B3 F2 6A B8 F5  EA BE C9 83 9A 88 EF 7B   ..\"..j.........{\n",
      "03f0   97 A8 5B 56 A1 4C 4F A7  89 F6 F4 47 E4 2C 3E C7   ..[V.LO....G.,>.\n",
      "0400   67 EE 98 0D F4 F0 5D FB  9E 23 E5 69 15 0D 6C D0   g.....]..#.i..l.\n",
      "0410   5C D8 43 93 DF 03 65 78  8C 84 49 85 2C E9 98 82   \\.C...ex..I.,...\n",
      "0420   B7 3F 95 29 02 0A 01 74  84 3C 2E A6 AF 67 E2 0B   .?.)...t.<...g..\n",
      "0430   71 E0 C1 99 92 8D FE 40  21 7D 97 DF AA B6 4F 34   q......@!}....O4\n",
      "0440   D1 C0 13 78 63 5F 8D 31  3E 8E 49 4A 8B 25 9C 65   ...xc_.1>.IJ.%.e\n",
      "0450   9F 8E E6 0C 60 98 23 69  5E 55 CC 21 29 EB C6 E7   ....`.#i^U.!)...\n",
      "0460   B9 C7 F0 2A 25 66 F1 54  AF 2D 4B 3F 13 3E 3E 5E   ...*%f.T.-K?.>>^\n",
      "0470   82 89 B6 51 52 CF 0A 22  28 73 C1 FE 5B CC A9 79   ...QR..\"(s..[..y\n",
      "0480   F0 9A 91 10 D2 C3 0E FD  12 58 42 3A 79 03 60 31   .........XB:y.`1\n",
      "0490   E1 EC F1 AD 64 38 0E E3  63 91 3B EC C2 1F 1F B9   ....d8..c.;.....\n",
      "04a0   ED E1 05 1F B5 29 55 4E  FB 8E 89 30 D1 65 52 D4   .....)UN...0.eR.\n",
      "04b0   92 BB 8F 17 20 FA 75 5C  2A 19 DC F8 08 CD AC 27   .... .u\\*......'\n",
      "04c0   5E F1 F8 24 0C 28 0F 8D  25 1B DD F0 A3 FD AA 75   ^..$.(..%......u\n",
      "04d0   B0 ED 4E 36 25 CB 06 CE  70 67 BD 9C 0D 1F 8D 73   ..N6%...pg.....s\n",
      "04e0   51 F2 6B 54 D6 27 DB 82  28 31 35 5A 62 EC 9A DA   Q.kT.'..(15Zb...\n",
      "04f0   49 ED C3 EA 9C 90 08 D6  7B 54 85 AF 15 4B 1E 55   I.......{T...K.U\n",
      "0500   A8 A1 AF AE B9 97 7B ED  80 DF 59 4E CF 46 A5 FF   ......{...YN.F..\n",
      "0510   D5 06 6D 57 BF 4A 3E 6B  6C F5 74 3D DA A4 2D A6   ..mW.J>kl.t=..-.\n",
      "0520   D7 98 CB 2F D4 5E 23 ED  05 93 34 B9 00 B0 D9 4B   .../.^#...4....K\n",
      "0530   86 24 43 45 AE FA E2 BD  13 B0 CA B7 BB BB 3C 0E   .$CE..........<.\n",
      "0540   A6 F1 B0 8D 0F 84 34 3A  D7 50 85 69 F4 6D D8 12   ......4:.P.i.m..\n",
      "0550   43 1D AD CC E8 F4 A2 57  BE C2 7F 1B EF 47 C9 44   C......W.....G.D\n",
      "0560   8E CB CD B2 D1 F0 70 AE  5E 38 C8 17 D8 E4 9C 39   ......p.^8.....9\n",
      "0570   D2 C0 AB 81 41 EC 67 7B  A6 95 C7 21 19 E9 D9 42   ....A.g{...!...B\n",
      "0580   6E 6E 53 A6 8B 8F 8D 58  EE 62 22 92 66 01 35 25   nnS....X.b\".f.5%\n",
      "0590   86 48 F3 1B 20 03 F9 8E  7A 30 C9 1A 1F B1 DE 64   .H.. ...z0.....d\n",
      "05a0   63 63 41 A8 05 63 B9 37  F8 52 39 D3 3C FD B1 82   ccA..c.7.R9.<...\n",
      "05b0   94 7B 62 8C E5 CD C4 70  65 03 E4 FA 2A C7 A2 42   .{b....pe...*..B\n",
      "05c0   75 62 20 6E 1A B4 09 B8  1F BF 3D B4 83 11 9D CA   ub n......=.....\n",
      "05d0   80 BF F2 B5 B2 EC                                  ......\n",
      "0001 18:54:36.041997 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https PA / Raw\n",
      "0000   28 DE A8 02 88 AB D4 93  90 18 94 52 08 00 45 00   (..........R..E.\n",
      "0010   04 C2 CD 0E 40 00 80 06  B3 BD C0 A8 01 02 CA 59   ....@..........Y\n",
      "0020   E9 65 09 5D 01 BB FE 8D  9E 6F 9E 32 21 32 50 18   .e.].....o.2!2P.\n",
      "0030   03 FD 91 33 00 00 AA 99  C6 20 26 47 A7 71 2B 04   ...3..... &G.q+.\n",
      "0040   62 BC 1A 2C EF 99 85 4B  11 6F 0F DA 40 01 C5 62   b..,...K.o..@..b\n",
      "0050   9B B7 39 A7 F6 51 20 8D  CF 64 C2 10 97 98 E9 EB   ..9..Q ..d......\n",
      "0060   2B 17 42 4C F0 D0 E8 A9  05 F3 11 08 96 BC A8 06   +.BL............\n",
      "0070   04 5A C7 57 CF 4F 84 B8  3F 64 0A 3F 0C A7 67 BC   .Z.W.O..?d.?..g.\n",
      "0080   F5 B1 2B 9F 55 B3 88 C3  E5 3D 77 D1 00 29 E6 4A   ..+.U....=w..).J\n",
      "0090   5C 41 F2 1D DC DA 5F 5C  D6 1D E3 62 25 78 39 FD   \\A...._\\...b%x9.\n",
      "00a0   D1 CF 6F 82 6F 3A B8 7A  C7 DC 3B 49 A6 AE 3E DA   ..o.o:.z..;I..>.\n",
      "00b0   B6 1F FD 0D 9F 1E BF 96  32 B8 09 65 E8 8E A2 13   ........2..e....\n",
      "00c0   E6 0E 21 9B A2 51 26 C7  50 EA C9 5E E1 60 C0 EF   ..!..Q&.P..^.`..\n",
      "00d0   0B AB AE 6C FA 7C 6A F2  E6 BC 69 88 C6 66 78 66   ...l.|j...i..fxf\n",
      "00e0   31 AE 33 D1 53 AC F4 82  9F A8 C7 E9 6B A3 F2 9C   1.3.S.......k...\n",
      "00f0   9C FF EC AD 27 DA A2 CE  2B 2E F7 1D FC 62 74 E6   ....'...+....bt.\n",
      "0100   A3 35 3B A4 41 B7 D6 A5  F6 5D 9E 66 3B F6 4E F6   .5;.A....].f;.N.\n",
      "0110   67 43 43 AE 4F 05 07 EE  25 AF 5C E6 5C A0 9E 16   gCC.O...%.\\.\\...\n",
      "0120   18 EF DE 44 01 AB 99 FC  05 CB 5F B9 5F 5C 41 99   ...D......_._\\A.\n",
      "0130   1F AE 31 AB 42 9F CE 23  60 00 D8 3F 30 0A BA 9B   ..1.B..#`..?0...\n",
      "0140   7B 46 49 EF AB 6F FE 5E  A2 C8 E9 75 43 7D 9C C9   {FI..o.^...uC}..\n",
      "0150   66 BF 43 61 A6 6E 8B 36  8E 68 62 77 76 2B D6 93   f.Ca.n.6.hbwv+..\n",
      "0160   B4 94 DD 42 B5 17 C1 40  A6 65 63 EB DC 30 59 F6   ...B...@.ec..0Y.\n",
      "0170   21 32 8D 8A 93 3D 4C 94  64 B9 C2 C9 2F BA 93 BC   !2...=L.d.../...\n",
      "0180   5B 07 88 EF 5F C5 29 60  F5 CA E0 EF 04 B0 6A 48   [..._.)`......jH\n",
      "0190   C2 AB 8F 89 FF C9 2C 4A  33 78 6B 12 C0 74 89 CF   ......,J3xk..t..\n",
      "01a0   65 D4 FD 30 DB 20 EF 65  FC CA 2F 38 8B B8 76 FD   e..0. .e../8..v.\n",
      "01b0   C0 2D 22 E8 EE 09 73 9D  F9 E2 8C 5C 91 06 A5 04   .-\"...s....\\....\n",
      "01c0   20 80 B4 08 E9 AF 7F 69  AE 53 21 42 77 81 98 80    ......i.S!Bw...\n",
      "01d0   ED 3E 3F 4C 75 7F 2D EB  DB EC 18 FE 6A 7A F7 33   .>?Lu.-.....jz.3\n",
      "01e0   02 52 04 B2 6B 93 FC 47  C8 9F EE AE 9E 15 E9 8D   .R..k..G........\n",
      "01f0   6F 9C EC 4E E9 7E 44 ED  F2 AE 60 0C 1F 31 69 D6   o..N.~D...`..1i.\n",
      "0200   49 CD 28 76 0A 4B C3 3E  BA 34 09 B5 1A 0A 71 E3   I.(v.K.>.4....q.\n",
      "0210   9B 75 FA 88 9A D2 B2 10  65 50 C1 F4 1E 3A FC EB   .u......eP...:..\n",
      "0220   68 CE 26 01 C6 16 41 5D  59 09 99 38 CF 46 39 47   h.&...A]Y..8.F9G\n",
      "0230   52 26 F1 E5 F2 9A 6D 09  C6 9D 14 6D 30 C0 05 3F   R&....m....m0..?\n",
      "0240   C7 68 F6 C6 8C 0E 7D 49  2B BF 87 51 26 08 90 83   .h....}I+..Q&...\n",
      "0250   12 63 34 E6 F6 CE 73 A5  6E 66 9B E9 4C 60 0B 59   .c4...s.nf..L`.Y\n",
      "0260   86 37 40 DC EC 1C FA 99  6C 7E 79 99 3C F6 AE 50   .7@.....l~y.<..P\n",
      "0270   58 7F E9 C6 57 8D 33 E9  82 A6 F3 6D E8 BF 63 F6   X...W.3....m..c.\n",
      "0280   60 B7 D0 14 A9 B5 B8 FC  55 18 87 F8 C6 B6 BE E7   `.......U.......\n",
      "0290   8D 10 79 05 D4 08 B0 5F  E1 EC D0 43 24 CF E8 CC   ..y...._...C$...\n",
      "02a0   AD 07 2A E4 28 E3 BF F0  1D 9F 3B 40 81 A2 9E C2   ..*.(.....;@....\n",
      "02b0   F0 3A F4 64 D0 90 F0 D9  07 2F 2D 38 6A FC 2D CB   .:.d...../-8j.-.\n",
      "02c0   9A D3 BF 9E 5B 83 A2 63  FA B2 46 87 C4 F4 FA FB   ....[..c..F.....\n",
      "02d0   99 77 E3 08 61 27 81 69  14 09 F7 BA 45 3B 50 FB   .w..a'.i....E;P.\n",
      "02e0   67 53 A8 26 81 17 76 A3  40 10 AD DD 3B 92 D2 41   gS.&..v.@...;..A\n",
      "02f0   12 C9 D2 23 17 3E EE 5F  6E 04 0A CE EA A1 4C 24   ...#.>._n.....L$\n",
      "0300   0C 7A 16 D8 EC A0 CA 14  D4 5C 4F E4 52 C4 BC 71   .z.......\\O.R..q\n",
      "0310   44 05 66 E0 71 2B C0 F6  AD FD A4 50 38 52 B6 70   D.f.q+.....P8R.p\n",
      "0320   9C AC 05 01 27 D5 A8 BE  34 11 12 49 EF F2 39 1B   ....'...4..I..9.\n",
      "0330   A9 AA 80 8B 08 33 D6 51  6E 16 30 43 45 70 C4 9B   .....3.Qn.0CEp..\n",
      "0340   55 45 C0 F6 5C 18 95 A6  0C C8 B8 A3 A6 FA 96 78   UE..\\..........x\n",
      "0350   5A 5F 89 D3 3D AA F2 43  AB 84 36 F2 C0 CD 1A 80   Z_..=..C..6.....\n",
      "0360   3F 26 2C 8D 33 32 3C 8D  DC 7F 99 E2 AB C4 B8 87   ?&,.32<.........\n",
      "0370   D6 E3 B2 88 08 AE 36 0E  9A 23 DB 79 CB 1B 15 64   ......6..#.y...d\n",
      "0380   7B E2 04 68 54 CA 1C 7D  F3 6C DD 50 EA E2 0E 3F   {..hT..}.l.P...?\n",
      "0390   3D 64 D8 E5 72 B1 49 A7  45 12 79 4A E1 D7 6F EE   =d..r.I.E.yJ..o.\n",
      "03a0   40 0E AD 5F 84 F5 D8 85  4B 53 1B 60 90 0A 50 D2   @.._....KS.`..P.\n",
      "03b0   DC ED B3 0B 1E 85 B8 1C  72 69 F2 4A 71 B3 23 2E   ........ri.Jq.#.\n",
      "03c0   85 6C B9 C7 3E DF D0 AF  65 F4 31 59 8A D6 03 72   .l..>...e.1Y...r\n",
      "03d0   69 AD C1 F9 DD 90 FF 16  0E BF 8B 63 92 51 CC 69   i..........c.Q.i\n",
      "03e0   30 3B 85 8D 35 D8 FA 8C  C5 29 6D 13 B6 C1 73 85   0;..5....)m...s.\n",
      "03f0   D7 63 72 8B 00 27 96 99  3E 3B D1 E1 A7 46 11 01   .cr..'..>;...F..\n",
      "0400   81 3A 40 F5 DB 29 57 F0  82 92 34 FD 18 19 26 B6   .:@..)W...4...&.\n",
      "0410   8C 9C FC 54 87 76 7B 30  B9 92 6A 37 8D 46 78 0E   ...T.v{0..j7.Fx.\n",
      "0420   A8 F5 A8 5F 61 EB C4 70  B6 93 DB A3 53 62 59 61   ..._a..p....SbYa\n",
      "0430   69 82 89 D6 6C A9 13 EF  DA 15 36 EA B9 82 B8 5B   i...l.....6....[\n",
      "0440   C9 87 D6 B1 7F 1D 7D 6D  B2 50 6B 55 B2 48 82 25   ......}m.PkU.H.%\n",
      "0450   8F 1D 81 F3 05 C8 7D BE  BD 80 3D F5 B2 DF 27 7E   ......}...=...'~\n",
      "0460   04 EB 70 3B D8 B6 73 EA  6D F8 C4 D0 AE 06 56 D3   ..p;..s.m.....V.\n",
      "0470   90 8E ED 0A 83 9D F9 C2  6C 6F 57 89 73 9F 80 E3   ........loW.s...\n",
      "0480   F6 FF 1D 82 16 9C DB E1  4F F0 7F F0 7C 26 F7 13   ........O...|&..\n",
      "0490   D3 1D 6E 0F 08 61 59 5E  91 DF ED C2 DA 50 4C 4C   ..n..aY^.....PLL\n",
      "04a0   75 82 57 C5 A0 5E D8 0A  73 51 AA C6 C2 04 93 24   u.W..^..sQ.....$\n",
      "04b0   D2 F7 CE 72 79 AB 90 FD  33 F9 C6 35 10 DE 81 6E   ...ry...3..5...n\n",
      "04c0   49 EA CC 2B 04 B3 6B 20  6B 15 AC ED 92 32 BB 21   I..+..k k....2.!\n",
      "0002 18:54:36.042159 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https PA / Raw\n",
      "0000   28 DE A8 02 88 AB D4 93  90 18 94 52 08 00 45 00   (..........R..E.\n",
      "0010   03 A8 CD 0F 40 00 80 06  B4 D6 C0 A8 01 02 CA 59   ....@..........Y\n",
      "0020   E9 65 09 5D 01 BB FE 8D  A3 09 9E 32 21 32 50 18   .e.].......2!2P.\n",
      "0030   03 FD 84 C8 00 00 17 03  03 03 7B 4E 56 C9 37 BF   ..........{NV.7.\n",
      "0040   2D B4 0E 48 3C 44 8E 61  3A 4F 07 E1 43 B8 42 97   -..H<D.a:O..C.B.\n",
      "0050   1C 6D 6B 25 F4 B2 67 AE  26 FD D5 F9 54 48 F4 98   .mk%..g.&...TH..\n",
      "0060   5D B8 89 29 2A C7 99 C1  D3 32 D7 A8 20 66 E7 F3   ]..)*....2.. f..\n",
      "0070   22 EF CE 73 0F C9 3B 17  73 EB BE 5F 7D 7E 99 DE   \"..s..;.s.._}~..\n",
      "0080   4B E9 0A BE 23 09 78 B3  C1 27 EF 1B A2 00 5D DF   K...#.x..'....].\n",
      "0090   36 B1 E5 27 FE BB 94 74  AA 61 FB 61 04 AC 25 71   6..'...t.a.a..%q\n",
      "00a0   15 88 9F 08 95 CC E0 C4  9B 46 4B 59 29 B3 C4 80   .........FKY)...\n",
      "00b0   16 D6 2B 32 EB 94 0C AC  4F BB 7D 76 1B 6A DE 1F   ..+2....O.}v.j..\n",
      "00c0   9F EF 38 B0 B1 54 E3 5C  CC 8E BC BA 8D 77 2D 4E   ..8..T.\\.....w-N\n",
      "00d0   2E 88 17 14 A3 09 1F AB  91 F5 2A 42 08 84 DC C2   ..........*B....\n",
      "00e0   17 7B 0F F0 52 D9 9B D9  2A C4 74 7E 99 CC 17 84   .{..R...*.t~....\n",
      "00f0   3E CF BC 3F 6D 27 E5 67  AE C7 A4 C1 B0 F7 58 36   >..?m'.g......X6\n",
      "0100   80 D3 D9 92 A7 2E D0 6A  1D CB 63 22 03 5C 23 51   .......j..c\".\\#Q\n",
      "0110   F4 81 2A 7C 42 50 49 23  50 D6 B7 10 1B 26 4F 7F   ..*|BPI#P....&O.\n",
      "0120   C4 C3 30 AF BB CB BB 52  88 40 53 35 FE 41 6B F2   ..0....R.@S5.Ak.\n",
      "0130   53 51 1C 62 D7 4E 99 DD  E8 E3 F8 9F 4F B9 A2 2F   SQ.b.N......O../\n",
      "0140   75 CA 6D D4 28 AD 05 A0  CF E3 F1 3C E9 6B F0 F7   u.m.(......<.k..\n",
      "0150   00 A1 EA 57 4C C4 7F AB  3F 9C 53 85 6E E1 B1 EE   ...WL...?.S.n...\n",
      "0160   9D DD F7 67 5C 6E 26 7F  B2 85 42 DE FB 47 C2 FE   ...g\\n&...B..G..\n",
      "0170   AC E3 18 FB FE 43 E9 88  D3 F1 7E 0F 23 64 07 AC   .....C....~.#d..\n",
      "0180   F5 1F 1E 7E 87 0E 13 28  E6 C1 9B 18 45 A8 A5 1C   ...~...(....E...\n",
      "0190   C6 E7 17 09 E9 32 A6 A6  DF 41 F3 B0 FE C5 39 BC   .....2...A....9.\n",
      "01a0   D3 93 E8 31 0B 3A 62 83  14 C6 F0 55 A2 2F A2 9B   ...1.:b....U./..\n",
      "01b0   CA 02 42 DA F7 8C 7B 4B  C6 A1 00 38 E1 18 D6 6A   ..B...{K...8...j\n",
      "01c0   8A A0 E4 69 BD F6 2C EF  02 AF 97 FA 92 D6 07 24   ...i..,........$\n",
      "01d0   47 54 8F C4 D0 FD 4F 18  53 C6 BA 9D B4 54 C3 5B   GT....O.S....T.[\n",
      "01e0   83 1C BF 78 48 96 E2 40  AC 82 91 F5 9E 63 80 EF   ...xH..@.....c..\n",
      "01f0   D1 97 B1 BB AB 64 C4 76  B3 99 72 61 E4 D4 19 42   .....d.v..ra...B\n",
      "0200   ED 1E 56 2E 99 48 C3 20  D2 C5 77 AB 6E AC 6C 8C   ..V..H. ..w.n.l.\n",
      "0210   9D BF 8C CC 61 EA 17 BB  E0 27 BC 90 75 79 BA 27   ....a....'..uy.'\n",
      "0220   C1 BE 89 4D F9 83 FE 1A  C0 05 B0 3B A6 9D 36 4E   ...M.......;..6N\n",
      "0230   15 07 B0 56 DD 6A A7 C9  6E 68 13 5A 80 8A 0D C7   ...V.j..nh.Z....\n",
      "0240   07 DF F5 E1 42 16 BF 9A  7F 2F AF 12 C4 57 62 1D   ....B..../...Wb.\n",
      "0250   EC DA 12 5F 4D F6 01 25  07 CB E4 F9 9B C7 33 1F   ..._M..%......3.\n",
      "0260   4A BC 2F D4 CF 10 90 9B  8D E8 5A 28 8F 69 8F F7   J./.......Z(.i..\n",
      "0270   BD E6 56 D6 29 6B 66 3B  CF 3C E3 1C 70 59 B0 56   ..V.)kf;.<..pY.V\n",
      "0280   4C 16 55 D2 D3 85 8D 3B  01 EE E6 88 96 62 73 C0   L.U....;.....bs.\n",
      "0290   C5 D3 6F 43 AE 33 46 5B  F3 E4 FE 9B 2C 6F E7 D1   ..oC.3F[....,o..\n",
      "02a0   09 2D 7F E7 E3 EB 14 42  AA 2F 5D D7 DF 0D 8D CF   .-.....B./].....\n",
      "02b0   7E 75 A9 68 E1 71 15 9B  BA D8 F3 13 8D F4 73 76   ~u.h.q........sv\n",
      "02c0   FC 32 FF E0 F1 5B F1 C3  9A FD 19 65 66 CD 4C A3   .2...[.....ef.L.\n",
      "02d0   3A 85 50 A7 F8 18 D1 93  ED 48 F2 6A B5 A5 8E 7B   :.P......H.j...{\n",
      "02e0   4F D0 2D DE 39 31 8E 16  2F E7 51 92 E8 A4 18 D8   O.-.91../.Q.....\n",
      "02f0   76 18 74 C6 B8 93 24 B5  37 2D 69 84 4A 06 42 1F   v.t...$.7-i.J.B.\n",
      "0300   31 CB 33 13 99 43 A7 19  59 B1 E3 FD 1D EA 2D AA   1.3..C..Y.....-.\n",
      "0310   A3 09 DF FC 31 A3 98 B9  02 41 12 24 49 59 2B E7   ....1....A.$IY+.\n",
      "0320   B7 CE E0 BB 26 3D 5A C9  E4 BF 1B C8 3F 2F 33 41   ....&=Z.....?/3A\n",
      "0330   01 6D A8 C2 5A D4 E2 53  7C 35 05 D7 F2 B9 C5 0E   .m..Z..S|5......\n",
      "0340   BC 5A E3 26 76 6F 21 59  98 0C 02 FA D9 4C 55 0D   .Z.&vo!Y.....LU.\n",
      "0350   1E CB 97 FE 0F 92 A6 87  B7 0A 73 52 ED 56 0F 4C   ..........sR.V.L\n",
      "0360   A0 92 C9 FB 65 93 79 50  51 3C B1 2A FE 09 CA 37   ....e.yPQ<.*...7\n",
      "0370   58 24 C5 3A F5 69 62 2D  E8 A4 5C C6 86 C6 9F BE   X$.:.ib-..\\.....\n",
      "0380   01 83 FD E9 68 77 5A 80  E9 2D 74 E2 71 96 8E D7   ....hwZ..-t.q...\n",
      "0390   5A 1A 58 09 2D 03 F5 42  65 18 72 AE A2 65 6B D1   Z.X.-..Be.r..ek.\n",
      "03a0   48 DD 43 94 30 D3 F0 B5  FC FE 81 27 4E 74 F4 7E   H.C.0......'Nt.~\n",
      "03b0   FA 08 85 07 6D 5C                                  ....m\\\n",
      "0003 18:54:36.042236 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https PA / Raw\n",
      "0000   28 DE A8 02 88 AB D4 93  90 18 94 52 08 00 45 00   (..........R..E.\n",
      "0010   00 47 CD 10 40 00 80 06  B8 36 C0 A8 01 02 CA 59   .G..@....6.....Y\n",
      "0020   E9 65 09 5D 01 BB FE 8D  A6 89 9E 32 21 32 50 18   .e.].......2!2P.\n",
      "0030   03 FD 70 8B 00 00 17 03  03 00 1A 1F 8C B5 05 E3   ..p.............\n",
      "0040   04 E5 15 23 CB E3 0B 82  40 2E AF 94 C0 7A A1 BD   ...#....@....z..\n",
      "0050   B4 DD 0A 25 8D                                     ...%.\n",
      "0004 18:54:36.079664 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 A / Padding\n",
      "0000   D4 93 90 18 94 52 28 DE  A8 02 88 AB 08 00 45 00   .....R(.......E.\n",
      "0010   00 28 FD BF 40 00 77 06  90 A6 CA 59 E9 65 C0 A8   .(..@.w....Y.e..\n",
      "0020   01 02 01 BB 09 5D 9E 32  21 32 FE 8D A3 09 50 10   .....].2!2....P.\n",
      "0030   40 02 8E 54 00 00 00 00  00 00 00 00               @..T........\n",
      "0005 18:54:36.079888 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 A / Padding\n",
      "0000   D4 93 90 18 94 52 28 DE  A8 02 88 AB 08 00 45 00   .....R(.......E.\n",
      "0010   00 28 FD C0 40 00 77 06  90 A5 CA 59 E9 65 C0 A8   .(..@.w....Y.e..\n",
      "0020   01 02 01 BB 09 5D 9E 32  21 32 FE 8D A6 89 50 10   .....].2!2....P.\n",
      "0030   3F FE 8A D8 00 00 00 00  00 00 00 00               ?...........\n",
      "0006 18:54:36.079916 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 A / Padding\n",
      "0000   D4 93 90 18 94 52 28 DE  A8 02 88 AB 08 00 45 00   .....R(.......E.\n",
      "0010   00 28 FD C1 40 00 77 06  90 A4 CA 59 E9 65 C0 A8   .(..@.w....Y.e..\n",
      "0020   01 02 01 BB 09 5D 9E 32  21 32 FE 8D A6 A8 50 10   .....].2!2....P.\n",
      "0030   3F FE 8A B9 00 00 00 00  00 00 00 00               ?...........\n",
      "0007 18:54:36.119554 Ether / IP / TCP 202.89.233.101:https > 192.168.1.2:2397 PA / Raw\n",
      "0000   D4 93 90 18 94 52 28 DE  A8 02 88 AB 08 00 45 00   .....R(.......E.\n",
      "0010   00 B2 FD C2 40 00 77 06  90 19 CA 59 E9 65 C0 A8   ....@.w....Y.e..\n",
      "0020   01 02 01 BB 09 5D 9E 32  21 32 FE 8D A6 A8 50 18   .....].2!2....P.\n",
      "0030   3F FE DE CD 00 00 17 03  03 00 85 CB 78 79 FB 8C   ?...........xy..\n",
      "0040   39 82 D1 43 8E 4E DB 3B  97 0C 3F E1 6A 17 79 0B   9..C.N.;..?.j.y.\n",
      "0050   2A CD 3C 3D 74 73 93 53  C1 28 41 A6 C3 EC 53 58   *.<=ts.S.(A...SX\n",
      "0060   FB 45 20 C9 9C 34 52 76  55 FD 18 2C 0D C9 B8 0D   .E ..4RvU..,....\n",
      "0070   A9 EC 8B C4 C5 06 F3 4F  7C 36 40 37 FD 00 A3 C8   .......O|6@7....\n",
      "0080   94 6B C3 0F 72 7B 80 6F  55 63 67 B0 BD 3A 6A 47   .k..r{.oUcg..:jG\n",
      "0090   E6 02 03 2D C3 70 7E 90  9E FE 65 CD 5E E2 A9 EF   ...-.p~...e.^...\n",
      "00a0   D9 5F 1A 87 B0 58 20 CB  7A AE 29 CE 4F 9A C3 FE   ._...X .z.).O...\n",
      "00b0   ED 06 1F 36 4D DE 75 68  48 1C 42 AC 18 EB FE 20   ...6M.uhH.B.... \n",
      "0008 18:54:36.119697 Ether / IP / TCP 192.168.1.2:2397 > 202.89.233.101:https A\n",
      "0000   28 DE A8 02 88 AB D4 93  90 18 94 52 08 00 45 00   (..........R..E.\n",
      "0010   00 28 CD 11 40 00 80 06  B8 54 C0 A8 01 02 CA 59   .(..@....T.....Y\n",
      "0020   E9 65 09 5D 01 BB FE 8D  A6 A8 9E 32 21 BC 50 10   .e.].......2!.P.\n",
      "0030   03 FD C6 30 00 00                                  ...0..\n",
      "0009 18:54:36.924969 Ether / IP / UDP 192.168.1.2:58917 > 138.2.100.52:2056 / Raw\n",
      "0000   28 DE A8 02 88 AB D4 93  90 18 94 52 08 00 45 00   (..........R..E.\n",
      "0010   00 35 C5 2B 00 00 80 11  C5 AB C0 A8 01 02 8A 02   .5.+............\n",
      "0020   64 34 E6 25 08 08 00 21  A3 A7 45 10 B3 D8 A7 E8   d4.%...!..E.....\n",
      "0030   11 92 B8 F4 B3 31 A3 32  94 A4 08 0D 35 CA EE 38   .....1.2....5..8\n",
      "0040   55 83 E6                                           U..\n",
      "0010 18:54:37.016910 28:de:a8:02:88:ab > ff:ff:ff:ff:ff:ff (0xfffa) / Raw\n",
      "0000   FF FF FF FF FF FF 28 DE  A8 02 88 AB FF FA 0B 6C   ......(........l\n",
      "0010   6F 6F 70 62 61 63 6B 00  00 00 00 00 00 00 00 00   oopback.........\n",
      "0020   00 00 00 00 01 00 00 00  0C 00 04 68 1A 00 00 00   ...........h....\n",
      "0030   00 00 00 00 00 00 00 00  00 00 00 00               ............\n",
      "0011 18:54:37.231981 Ether / IP / UDP 138.2.100.52:2056 > 192.168.1.2:58917 / Raw\n",
      "0000   D4 93 90 18 94 52 28 DE  A8 02 88 AB 08 00 45 00   .....R(.......E.\n",
      "0010   00 36 00 00 40 00 2D 11  9D D6 8A 02 64 34 C0 A8   .6..@.-.....d4..\n",
      "0020   01 02 08 08 E6 25 00 22  B7 B4 56 51 FA 39 FD F5   .....%.\"..VQ.9..\n",
      "0030   E7 0E 80 AC 57 20 1D D5  AB AF CD 72 BA B2 A8 85   ....W .....r....\n",
      "0040   AB C4 F6 94                                        ....\n"
     ]
    }
   ],
   "source": [
    "# hexdump显示\n",
    "pkts.hexdump()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:35:06.257055400Z",
     "start_time": "2024-12-16T12:35:06.245055100Z"
    }
   },
   "id": "951090679ec2a71"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 2.5 sniff监听"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "381f9916ddfdc35a"
  },
  {
   "cell_type": "code",
   "execution_count": 42,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "0000 Ether / IP / ICMP 192.168.1.2 > 183.2.172.185 echo-request 0 / Raw\n",
      "0001 Ether / IP / ICMP 183.2.172.185 > 192.168.1.2 echo-reply 0 / Raw\n"
     ]
    }
   ],
   "source": [
    "sinffres = sniff(filter=\"icmp\", count=2)\n",
    "# filter中的内容按照wireshark标准语法写就行 count表示计数\n",
    "# 可选参数：prn 回调函数 iface 选择监听的网卡名称\n",
    "sinffres.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:44:48.235687500Z",
     "start_time": "2024-12-16T12:44:46.144938200Z"
    }
   },
   "id": "31878ed1dc27c9ef"
  },
  {
   "cell_type": "markdown",
   "source": [
    "## 3. 代码编写"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "ed853a835c694bc0"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 3.1 回调函数"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "8688250b645a3e06"
  },
  {
   "cell_type": "code",
   "execution_count": 43,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "有ping包出现！目的地址是： 183.2.172.185\n",
      "有ping包出现！目的地址是： 192.168.1.2\n",
      "有ping包出现！目的地址是： 183.2.172.185\n",
      "有ping包出现！目的地址是： 192.168.1.2\n",
      "有ping包出现！目的地址是： 183.2.172.185\n",
      "有ping包出现！目的地址是： 192.168.1.2\n",
      "有ping包出现！目的地址是： 183.2.172.185\n",
      "有ping包出现！目的地址是： 192.168.1.2\n"
     ]
    },
    {
     "data": {
      "text/plain": "<Sniffed: TCP:0 UDP:0 ICMP:0 Other:0>"
     },
     "execution_count": 43,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "from kamene.all import *\n",
    "\n",
    "def myping_callback(pkt):\n",
    "    print(\"有ping包出现！目的地址是：\",pkt[\"IP\"].dst)\n",
    "\n",
    "sniff(prn=myping_callback, filter=\"icmp\", store=0)"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:46:06.643326600Z",
     "start_time": "2024-12-16T12:45:56.884263900Z"
    }
   },
   "id": "aa88403e5b62cc67"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 3.2 制作表格"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "bb39cac11743979c"
  },
  {
   "cell_type": "code",
   "execution_count": 54,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Begin emission:\n",
      "Finished to send 6 packets.\n",
      "\n",
      "Received 220 packets, got 2 answers, remaining 4 packets\n"
     ]
    }
   ],
   "source": [
    "ans,unans=sr(IP(dst=\"www.baidu.com\", ttl=(1,6))/TCP())"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:50:20.062456300Z",
     "start_time": "2024-12-16T12:49:59.542049800Z"
    }
   },
   "id": "b85beb0ac661635c"
  },
  {
   "cell_type": "code",
   "execution_count": 55,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "  183.2.172.42 \n",
      "1 192.168.1.1  \n",
      "2 100.76.0.1   \n"
     ]
    }
   ],
   "source": [
    "ans.make_table(lambda s,r: (s.dst, s.ttl, r.src))"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:50:22.722186200Z",
     "start_time": "2024-12-16T12:50:22.686171200Z"
    }
   },
   "id": "777a3899d1cbf8af"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 3.3 基于事件的编写"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "c3b726bc15ad653a"
  },
  {
   "cell_type": "code",
   "execution_count": 78,
   "outputs": [],
   "source": [
    "class HelloWorld(Automaton):\n",
    "    @ATMT.state(initial=1)\n",
    "    def BEGIN(self):\n",
    "        print(\"State=BEGIN\")\n",
    "\n",
    "    @ATMT.condition(BEGIN)\n",
    "    def wait_for_nothing(self):\n",
    "        print(\"Wait for nothing...\")\n",
    "        raise self.END()\n",
    "\n",
    "    @ATMT.action(wait_for_nothing)\n",
    "    def on_nothing(self):\n",
    "        print(\"Action on 'nothing' condition\")\n",
    "\n",
    "    @ATMT.state(final=1)\n",
    "    def END(self):\n",
    "        print(\"State=END\")"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:59:56.580004100Z",
     "start_time": "2024-12-16T12:59:56.571005700Z"
    }
   },
   "id": "49d0c15d36115c43"
  },
  {
   "cell_type": "code",
   "execution_count": 80,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "State=BEGIN\n",
      "Wait for nothing...\n",
      "Action on 'nothing' condition\n",
      "State=END\n"
     ]
    },
    {
     "ename": "RuntimeError",
     "evalue": "generator raised StopIteration",
     "output_type": "error",
     "traceback": [
      "\u001B[1;31m---------------------------------------------------------------------------\u001B[0m",
      "\u001B[1;31mRuntimeError\u001B[0m                              Traceback (most recent call last)",
      "Cell \u001B[1;32mIn[80], line 2\u001B[0m\n\u001B[0;32m      1\u001B[0m a \u001B[38;5;241m=\u001B[39m HelloWorld()\n\u001B[1;32m----> 2\u001B[0m \u001B[43ma\u001B[49m\u001B[38;5;241;43m.\u001B[39;49m\u001B[43mrun\u001B[49m\u001B[43m(\u001B[49m\u001B[43m)\u001B[49m\n",
      "File \u001B[1;32m~\\.conda\\envs\\kamene\\lib\\site-packages\\kamene\\automaton.py:715\u001B[0m, in \u001B[0;36mAutomaton.run\u001B[1;34m(self, resume, wait)\u001B[0m\n\u001B[0;32m    713\u001B[0m     \u001B[38;5;28;01mraise\u001B[39;00m \u001B[38;5;28mself\u001B[39m\u001B[38;5;241m.\u001B[39mBreakpoint(\u001B[38;5;124m\"\u001B[39m\u001B[38;5;124mbreakpoint triggered on state [\u001B[39m\u001B[38;5;132;01m%s\u001B[39;00m\u001B[38;5;124m]\u001B[39m\u001B[38;5;124m\"\u001B[39m\u001B[38;5;241m%\u001B[39mc\u001B[38;5;241m.\u001B[39mstate\u001B[38;5;241m.\u001B[39mstate, state\u001B[38;5;241m=\u001B[39mc\u001B[38;5;241m.\u001B[39mstate\u001B[38;5;241m.\u001B[39mstate)\n\u001B[0;32m    714\u001B[0m \u001B[38;5;28;01melif\u001B[39;00m c\u001B[38;5;241m.\u001B[39mtype \u001B[38;5;241m==\u001B[39m _ATMT_Command\u001B[38;5;241m.\u001B[39mEXCEPTION:\n\u001B[1;32m--> 715\u001B[0m     \u001B[38;5;28;01mraise\u001B[39;00m c\u001B[38;5;241m.\u001B[39mexc_info[\u001B[38;5;241m0\u001B[39m](c\u001B[38;5;241m.\u001B[39mexc_info[\u001B[38;5;241m1\u001B[39m])\n",
      "\u001B[1;31mRuntimeError\u001B[0m: generator raised StopIteration"
     ]
    }
   ],
   "source": [
    "a = HelloWorld()\n",
    "a.run()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T13:00:22.256387500Z",
     "start_time": "2024-12-16T13:00:22.226394900Z"
    }
   },
   "id": "5f9377d255ed90e0"
  },
  {
   "cell_type": "markdown",
   "source": [
    "## 4. 路由"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "3e433c70d2c82657"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 4.1 路由设置"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "c13853bcfa210263"
  },
  {
   "cell_type": "code",
   "execution_count": 56,
   "outputs": [
    {
     "data": {
      "text/plain": "Network         Netmask         Gateway         Iface           Output IP\n0.0.0.0         0.0.0.0         192.168.1.1     Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n127.0.0.0       255.0.0.0       0.0.0.0         lo0             127.0.0.1      \n127.0.0.1       255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n127.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n192.168.1.0     255.255.255.0   0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.2     255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.255   255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.182.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.213.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n224.0.0.0       240.0.0.0       0.0.0.0         lo0             127.0.0.1      \n224.0.0.0       240.0.0.0       0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n255.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n255.255.255.255 255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  "
     },
     "execution_count": 56,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "conf.route"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:51:42.850989700Z",
     "start_time": "2024-12-16T12:51:42.829973200Z"
    }
   },
   "id": "a10a9c2399cd0ca4"
  },
  {
   "cell_type": "code",
   "execution_count": 57,
   "outputs": [
    {
     "data": {
      "text/plain": "Network         Netmask         Gateway         Iface           Output IP\n0.0.0.0         0.0.0.0         192.168.1.1     Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n127.0.0.0       255.0.0.0       0.0.0.0         lo0             127.0.0.1      \n127.0.0.1       255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n127.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n192.168.1.0     255.255.255.0   0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.2     255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.255   255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.182.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.213.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n224.0.0.0       240.0.0.0       0.0.0.0         lo0             127.0.0.1      \n224.0.0.0       240.0.0.0       0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n255.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n255.255.255.255 255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n183.2.172.185   255.255.255.255 192.168.1.1     Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    "
     },
     "execution_count": 57,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "# 添加路由\n",
    "conf.route.add(host=\"www.baidu.com\",gw=\"192.168.1.1\")\n",
    "conf.route"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:52:23.865352100Z",
     "start_time": "2024-12-16T12:52:23.816333Z"
    }
   },
   "id": "15653753c6778900"
  },
  {
   "cell_type": "code",
   "execution_count": 59,
   "outputs": [
    {
     "name": "stderr",
     "output_type": "stream",
     "text": [
      "WARNING: no matching route found\n"
     ]
    },
    {
     "data": {
      "text/plain": "Network         Netmask         Gateway         Iface           Output IP\n0.0.0.0         0.0.0.0         192.168.1.1     Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n127.0.0.0       255.0.0.0       0.0.0.0         lo0             127.0.0.1      \n127.0.0.1       255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n127.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n192.168.1.0     255.255.255.0   0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.2     255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.255   255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.182.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.213.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n224.0.0.0       240.0.0.0       0.0.0.0         lo0             127.0.0.1      \n224.0.0.0       240.0.0.0       0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n255.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n255.255.255.255 255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  "
     },
     "execution_count": 59,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "# 删除路由\n",
    "conf.route.delt(host=\"www.baidu.com\",gw=\"192.168.1.1\")\n",
    "conf.route"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:53:26.788429300Z",
     "start_time": "2024-12-16T12:53:26.752541800Z"
    }
   },
   "id": "5f6c6a01a88d56c4"
  },
  {
   "cell_type": "code",
   "execution_count": 60,
   "outputs": [
    {
     "data": {
      "text/plain": "Network         Netmask         Gateway         Iface           Output IP\n0.0.0.0         0.0.0.0         192.168.1.1     Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n127.0.0.0       255.0.0.0       0.0.0.0         lo0             127.0.0.1      \n127.0.0.1       255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n127.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n192.168.1.0     255.255.255.0   0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.2     255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.1.255   255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n192.168.182.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.182.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n192.168.213.0   255.255.255.0   0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.1   255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n192.168.213.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n224.0.0.0       240.0.0.0       0.0.0.0         lo0             127.0.0.1      \n224.0.0.0       240.0.0.0       0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n224.0.0.0       240.0.0.0       0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  \n255.255.255.255 255.255.255.255 0.0.0.0         lo0             127.0.0.1      \n255.255.255.255 255.255.255.255 0.0.0.0         Intel(R) Ethernet Connection (16) I219-V 192.168.1.2    \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet8 192.168.182.1  \n255.255.255.255 255.255.255.255 0.0.0.0         VMware Virtual Ethernet Adapter for VMnet1 192.168.213.1  "
     },
     "execution_count": 60,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "# 重置路由\n",
    "conf.route.resync()\n",
    "conf.route"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:53:43.062886900Z",
     "start_time": "2024-12-16T12:53:42.708138700Z"
    }
   },
   "id": "89510af56ff7f662"
  },
  {
   "cell_type": "markdown",
   "source": [
    "### 4.2 Traceroute追踪路由"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "c38c6008b90fa2ec"
  },
  {
   "cell_type": "code",
   "execution_count": 77,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Begin emission:\n",
      "Finished to send 80 packets.\n",
      "\n",
      "Received 50 packets, got 31 answers, remaining 49 packets\n",
      "   151.101.194.159:tcp80 173.231.12.107:tcp80 211.39.140.160:tcp80 69.147.80.15:tcp80 \n",
      "1  192.168.1.1     11    192.168.1.1     11   192.168.1.1     11   192.168.1.1     11 \n",
      "2  100.76.0.1      11    100.76.0.1      11   100.76.0.1      11   100.76.0.1      11 \n",
      "8  -                     -                    -                    202.97.58.250   11 \n",
      "12 62.115.137.108  11    -                    -                    74.6.224.109    11 \n",
      "13 62.115.142.128  11    -                    112.191.125.23  11   69.147.84.47    11 \n",
      "14 62.115.44.25    11    -                    112.191.124.165 11   -                  \n",
      "15 151.101.194.159 SA    -                    61.78.39.246    11   -                  \n",
      "16 151.101.194.159 SA    -                    211.39.140.160  SA   -                  \n",
      "17 151.101.194.159 SA    -                    211.39.140.160  SA   -                  \n",
      "18 151.101.194.159 SA    -                    211.39.140.160  SA   69.147.80.15    SA \n",
      "19 151.101.194.159 SA    -                    211.39.140.160  SA   69.147.80.15    SA \n",
      "20 151.101.194.159 SA    -                    211.39.140.160  SA   69.147.80.15    SA \n",
      "IP / TCP 192.168.1.2:34084 > 69.147.80.15:http S ==> IP / ICMP 192.168.1.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:8143 > 173.231.12.107:http S ==> IP / ICMP 192.168.1.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:28879 > 211.39.140.160:http S ==> IP / ICMP 192.168.1.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:29807 > 151.101.194.159:http S ==> IP / ICMP 192.168.1.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:4098 > 69.147.80.15:http S ==> IP / ICMP 100.76.0.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:37654 > 173.231.12.107:http S ==> IP / ICMP 100.76.0.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:7864 > 211.39.140.160:http S ==> IP / ICMP 100.76.0.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:18158 > 151.101.194.159:http S ==> IP / ICMP 100.76.0.1 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:47951 > 211.39.140.160:http S ==> IP / TCP 211.39.140.160:http > 192.168.1.2:47951 SA\n",
      "IP / TCP 192.168.1.2:15023 > 211.39.140.160:http S ==> IP / ICMP 112.191.124.165 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:39552 > 211.39.140.160:http S ==> IP / ICMP 112.191.125.23 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:18896 > 211.39.140.160:http S ==> IP / ICMP 61.78.39.246 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:24455 > 211.39.140.160:http S ==> IP / TCP 211.39.140.160:http > 192.168.1.2:24455 SA\n",
      "IP / TCP 192.168.1.2:43072 > 211.39.140.160:http S ==> IP / TCP 211.39.140.160:http > 192.168.1.2:43072 SA\n",
      "IP / TCP 192.168.1.2:1586 > 211.39.140.160:http S ==> IP / TCP 211.39.140.160:http > 192.168.1.2:1586 SA\n",
      "IP / TCP 192.168.1.2:23367 > 211.39.140.160:http S ==> IP / TCP 211.39.140.160:http > 192.168.1.2:23367 SA\n",
      "IP / TCP 192.168.1.2:56691 > 151.101.194.159:http S ==> IP / ICMP 62.115.44.25 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:52084 > 151.101.194.159:http S ==> IP / ICMP 62.115.137.108 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror / Padding\n",
      "IP / TCP 192.168.1.2:63971 > 151.101.194.159:http S ==> IP / ICMP 62.115.142.128 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror / Padding\n",
      "IP / TCP 192.168.1.2:60368 > 151.101.194.159:http S ==> IP / TCP 151.101.194.159:http > 192.168.1.2:60368 SA / Padding\n",
      "IP / TCP 192.168.1.2:62486 > 151.101.194.159:http S ==> IP / TCP 151.101.194.159:http > 192.168.1.2:62486 SA / Padding\n",
      "IP / TCP 192.168.1.2:22832 > 151.101.194.159:http S ==> IP / TCP 151.101.194.159:http > 192.168.1.2:22832 SA / Padding\n",
      "IP / TCP 192.168.1.2:41023 > 151.101.194.159:http S ==> IP / TCP 151.101.194.159:http > 192.168.1.2:41023 SA / Padding\n",
      "IP / TCP 192.168.1.2:29660 > 69.147.80.15:http S ==> IP / ICMP 202.97.58.250 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror / Padding\n",
      "IP / TCP 192.168.1.2:55720 > 151.101.194.159:http S ==> IP / TCP 151.101.194.159:http > 192.168.1.2:55720 SA / Padding\n",
      "IP / TCP 192.168.1.2:29684 > 151.101.194.159:http S ==> IP / TCP 151.101.194.159:http > 192.168.1.2:29684 SA / Padding\n",
      "IP / TCP 192.168.1.2:32488 > 69.147.80.15:http S ==> IP / TCP 69.147.80.15:http > 192.168.1.2:32488 SA / Padding\n",
      "IP / TCP 192.168.1.2:3274 > 69.147.80.15:http S ==> IP / ICMP 74.6.224.109 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:31551 > 69.147.80.15:http S ==> IP / ICMP 69.147.84.47 > 192.168.1.2 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n",
      "IP / TCP 192.168.1.2:1636 > 69.147.80.15:http S ==> IP / TCP 69.147.80.15:http > 192.168.1.2:1636 SA / Padding\n",
      "IP / TCP 192.168.1.2:25330 > 69.147.80.15:http S ==> IP / TCP 69.147.80.15:http > 192.168.1.2:25330 SA / Padding\n"
     ]
    }
   ],
   "source": [
    "ans,unans = traceroute([\"www.yahoo.com\",\"www.altavista.com\",\"www.wisenut.com\",\"www.copernic.com\"],maxttl=20)\n",
    "ans.summary()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T12:58:45.617071100Z",
     "start_time": "2024-12-16T12:58:43.476109600Z"
    }
   },
   "id": "2667bd64979418d7"
  },
  {
   "cell_type": "markdown",
   "source": [
    "## 自定义协议"
   ],
   "metadata": {
    "collapsed": false
   },
   "id": "2bd3ebac07273343"
  },
  {
   "cell_type": "code",
   "execution_count": 86,
   "outputs": [],
   "source": [
    "from kamene.all import *\n",
    "\n",
    "\n",
    "class Disney(Packet):\n",
    "    name = \"DisneyPacket\"\n",
    "    fields_desc=[ShortField(\"mickey\", 5),\n",
    "                 XByteField(\"minnie\", 3),\n",
    "                 IntEnumField(\"donald\", 1,\n",
    "                      {1: \"happy\", 2: \"cool\" , 3: \"angry\"})]"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T13:10:48.127964800Z",
     "start_time": "2024-12-16T13:10:48.107664500Z"
    }
   },
   "id": "a1caa1031d5b1b86"
  },
  {
   "cell_type": "code",
   "execution_count": 87,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "###[ DisneyPacket ]###\n",
      "  mickey    = 1\n",
      "  minnie    = 0x3\n",
      "  donald    = happy\n"
     ]
    }
   ],
   "source": [
    "d=Disney(mickey=1)\n",
    "d.show()"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T13:10:48.464763400Z",
     "start_time": "2024-12-16T13:10:48.445763200Z"
    }
   },
   "id": "fd0cc18ae740b102"
  },
  {
   "cell_type": "code",
   "execution_count": 91,
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "\n",
      "Sent 1 packets.\n"
     ]
    }
   ],
   "source": [
    "sendp(d)"
   ],
   "metadata": {
    "collapsed": false,
    "ExecuteTime": {
     "end_time": "2024-12-16T13:11:37.075379900Z",
     "start_time": "2024-12-16T13:11:37.059382200Z"
    }
   },
   "id": "94ff019171106aa5"
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "outputs": [],
   "source": [],
   "metadata": {
    "collapsed": false
   },
   "id": "7d51fe9c5973317e"
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 2
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython2",
   "version": "2.7.6"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 5
}
